/** * generate voting-form */ protected function generateVotingForm() { if (!$this->loggedInUser || $this->loggedInUser->id == $this->ratedUser->id) { return; } $strFields = ''; $scoreError = false; $this->Template->formId = 'tl_comments_' . $this->id; $this->Template->action = \Environment::get('indexFreeRequest'); $this->Template->enctype = 'application/x-www-form-urlencoded'; $arrFields = array(); $objComment = new \CommentsModel(); // Build the form $arrFF = array('comment', 'score', 'captcha'); foreach ($arrFF as $field) { $arrData =& $GLOBALS['TL_DCA']['tl_comments']['fields'][$field]; $strClass = $GLOBALS['TL_FFL'][$arrData['inputType']]; $arrData['eval']['tableless'] = 'true'; $arrData['label'] = $GLOBALS['TL_LANG']['tl_comments'][$field][0]; $varValue = ''; $objWidget = new $strClass($strClass::getAttributesFromDca($arrData, $field, $varValue, '', '', $this)); $objWidget->storeValues = true; // Validate the form data if (\Input::post('FORM_SUBMIT') == 'tl_comments_' . $this->id) { $objWidget->validate(); $varValue = $objWidget->value; // check vor valid score interval if ($field == 'score') { if (!mberegi('^(1|2|3|4|5)\\d{0}$', $varValue)) { $doNotSubmit = true; $scoreError = true; } } // Do not submit the field if there are errors if ($objWidget->hasErrors()) { $doNotSubmit = true; } elseif ($objWidget->submitInput()) { $blnModified = true; // Store the form data $_SESSION['FORM_DATA'][$field] = $varValue; // Set the correct empty value (see #6284, #6373) if ($varValue === '') { $varValue = $objWidget->getEmptyValue(); } // Set the new value if ($field !== 'captcha') { $objComment->{$field} = $varValue; } } } $temp = $objWidget->parse(); // add a hidden field for the starrating if ($field == 'score') { $temp = '<input type="hidden" name="score" id="ctrl_score" value="">'; } $strFields .= $temp; $arrFields[$field] = $temp; } // Save the model if ($doNotSubmit !== true && $blnModified && \Input::post('FORM_SUBMIT') == 'tl_comments_' . $this->id) { $objComment->owner = $this->loggedInUser->id; $objComment->dateOfCreation = time(); $objComment->source = 'tl_member'; $objComment->ip = \Environment::get('ip'); $objComment->activation_token = md5(session_id() . time() . $this->loggedInUser->id); $objComment->parent = $this->ratedUser->id; $objComment->published = 0; $objComment->save(); $this->log('A new entry "tl_comments.id=' . $objComment->id . '" has been created', __METHOD__, TL_GENERAL); // notify rated member if ($this->notifyRatedUser && $objComment->id > 0 && $objComment->comment != '') { $this->notifyUser($objComment); } $this->jumpToOrReload($this->jumpTo); } if ($scoreError) { $strFields = '<p class="error">Bitte eine gültige Punktzahl vergeben.</p>' . $strFields; } $this->Template->slabel = specialchars($GLOBALS['TL_LANG']['MSC']['saveData']); $this->Template->fields = $strFields; $this->Template->arrFields = $arrFields; // shit storm protection if ($this->blockingTime > 0) { $objRatings = $this->Database->prepare("SELECT * FROM tl_comments WHERE source = ? AND parent = ? AND owner = ? AND dateOfCreation > ? ORDER BY dateOfCreation DESC")->limit(1)->execute('tl_member', $this->ratedUser->id, $this->loggedInUser->id, time() - $this->blockingTime); if ($objRatings->numRows > 0) { $this->Template->commentFormLocked = true; $time = $this->blockingTime - (time() - $objRatings->dateOfCreation); $h = floor($time / 3600); $min = floor(($time / 3600 - $h) * 60); if ($time <= 60) { $this->Template->commentFormLockedTime = $time . ' s'; } else { $this->Template->commentFormLockedTime = ($h > 0 ? $h . ' h ' : '') . $min . ' min'; } } } }
/** * Notify the subscribers of new comments * * @param \CommentsModel $objComment */ public static function notifyCommentsSubscribers(\CommentsModel $objComment) { // Notified already if ($objComment->notified) { return; } $objNotify = \CommentsNotifyModel::findActiveBySourceAndParent($objComment->source, $objComment->parent); // No subscriptions if ($objNotify === null) { return; } while ($objNotify->next()) { // Don't notify the commentor about his own comment if ($objNotify->email == $objComment->email) { continue; } // Prepare the URL $strUrl = \Idna::decode(\Environment::get('base')) . $objNotify->url; $objEmail = new \Email(); $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_notifySubject'], \Idna::decode(\Environment::get('host'))); $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['com_notifyMessage'], $objNotify->name, $strUrl, $strUrl . '?token=' . $objNotify->tokenRemove); $objEmail->sendTo($objNotify->email); } $objComment->notified = 1; $objComment->save(); }
/** * Add comments to a template * @param \FrontendTemplate * @param \stdClass * @param string * @param integer * @param array */ public function addCommentsToTemplate(\FrontendTemplate $objTemplate, \stdClass $objConfig, $strSource, $intParent, $arrNotifies) { global $objPage; $limit = 0; $offset = 0; $total = 0; $gtotal = 0; $arrComments = array(); $objTemplate->comments = array(); // see #4064 // Pagination if ($objConfig->perPage > 0) { // Get the total number of comments $intTotal = \CommentsModel::countPublishedBySourceAndParent($strSource, $intParent); $total = $gtotal = $intTotal; // Get the current page $id = 'page_c' . $this->id; $page = \Input::get($id) ?: 1; // Do not index or cache the page if the page number is outside the range if ($page < 1 || $page > max(ceil($total / $objConfig->perPage), 1)) { global $objPage; $objPage->noSearch = 1; $objPage->cache = 0; // Send a 404 header header('HTTP/1.1 404 Not Found'); $objTemplate->allowComments = false; return; } // Set limit and offset $limit = $objConfig->perPage; $offset = ($page - 1) * $objConfig->perPage; // Initialize the pagination menu $objPagination = new \Pagination($total, $objConfig->perPage, 7, $id); $objTemplate->pagination = $objPagination->generate("\n "); } $objTemplate->allowComments = true; // Get all published comments if ($limit) { $objComments = \CommentsModel::findPublishedBySourceAndParent($strSource, $intParent, $limit, $offset); } else { $objComments = \CommentsModel::findPublishedBySourceAndParent($strSource, $intParent); } if ($objComments !== null && ($total = $objComments->count()) > 0) { $count = 0; if ($objConfig->template == '') { $objConfig->template = 'com_default'; } $objPartial = new \FrontendTemplate($objConfig->template); while ($objComments->next()) { $objPartial->setData($objComments->row()); // Clean the RTE output if ($objPage->outputFormat == 'xhtml') { $objComments->comment = \String::toXhtml($objComments->comment); } else { $objComments->comment = \String::toHtml5($objComments->comment); } $objPartial->comment = trim(str_replace(array('{{', '}}'), array('{{', '}}'), $objComments->comment)); $objPartial->datim = $this->parseDate($objPage->datimFormat, $objComments->date); $objPartial->date = $this->parseDate($objPage->dateFormat, $objComments->date); $objPartial->class = ($count < 1 ? ' first' : '') . ($count >= $total - 1 ? ' last' : '') . ($count % 2 == 0 ? ' even' : ' odd'); $objPartial->by = $GLOBALS['TL_LANG']['MSC']['comment_by']; $objPartial->id = 'c' . $objComments->id; $objPartial->timestamp = $objComments->date; $objPartial->datetime = date('Y-m-d\\TH:i:sP', $objComments->date); $objPartial->addReply = false; // Reply if ($objComments->addReply && $objComments->reply != '') { if (($objAuthor = $objComments->getRelated('author')) !== null) { $objPartial->addReply = true; $objPartial->rby = $GLOBALS['TL_LANG']['MSC']['reply_by']; $objPartial->reply = $this->replaceInsertTags($objComments->reply); $objPartial->author = $objAuthor; // Clean the RTE output if ($objPage->outputFormat == 'xhtml') { $objPartial->reply = \String::toXhtml($objPartial->reply); } else { $objPartial->reply = \String::toHtml5($objPartial->reply); } } } $arrComments[] = $objPartial->parse(); ++$count; } } $objTemplate->comments = $arrComments; $objTemplate->addComment = $GLOBALS['TL_LANG']['MSC']['addComment']; $objTemplate->name = $GLOBALS['TL_LANG']['MSC']['com_name']; $objTemplate->email = $GLOBALS['TL_LANG']['MSC']['com_email']; $objTemplate->website = $GLOBALS['TL_LANG']['MSC']['com_website']; $objTemplate->commentsTotal = $limit ? $gtotal : $total; // Get the front end user object $this->import('FrontendUser', 'User'); // Access control if ($objConfig->requireLogin && !BE_USER_LOGGED_IN && !FE_USER_LOGGED_IN) { $objTemplate->requireLogin = true; return; } // Form fields $arrFields = array('name' => array('name' => 'name', 'label' => $GLOBALS['TL_LANG']['MSC']['com_name'], 'value' => trim($this->User->firstname . ' ' . $this->User->lastname), 'inputType' => 'text', 'eval' => array('mandatory' => true, 'maxlength' => 64)), 'email' => array('name' => 'email', 'label' => $GLOBALS['TL_LANG']['MSC']['com_email'], 'value' => $this->User->email, 'inputType' => 'text', 'eval' => array('rgxp' => 'email', 'mandatory' => true, 'maxlength' => 128, 'decodeEntities' => true)), 'website' => array('name' => 'website', 'label' => $GLOBALS['TL_LANG']['MSC']['com_website'], 'inputType' => 'text', 'eval' => array('rgxp' => 'url', 'maxlength' => 128, 'decodeEntities' => true))); // Captcha if (!$objConfig->disableCaptcha) { $arrFields['captcha'] = array('name' => 'captcha', 'inputType' => 'captcha', 'eval' => array('mandatory' => true)); } // Comment field $arrFields['comment'] = array('name' => 'comment', 'label' => $GLOBALS['TL_LANG']['MSC']['com_comment'], 'inputType' => 'textarea', 'eval' => array('mandatory' => true, 'rows' => 4, 'cols' => 40, 'preserveTags' => true)); $doNotSubmit = false; $arrWidgets = array(); $strFormId = 'com_' . $strSource . '_' . $intParent; // Initialize widgets foreach ($arrFields as $arrField) { $strClass = $GLOBALS['TL_FFL'][$arrField['inputType']]; // Continue if the class is not defined if (!$this->classFileExists($strClass)) { continue; } $arrField['eval']['required'] = $arrField['eval']['mandatory']; $objWidget = new $strClass($this->prepareForWidget($arrField, $arrField['name'], $arrField['value'])); // Validate the widget if (\Input::post('FORM_SUBMIT') == $strFormId) { $objWidget->validate(); if ($objWidget->hasErrors()) { $doNotSubmit = true; } } $arrWidgets[$arrField['name']] = $objWidget; } $objTemplate->fields = $arrWidgets; $objTemplate->submit = $GLOBALS['TL_LANG']['MSC']['com_submit']; $objTemplate->action = ampersand(\Environment::get('request')); $objTemplate->messages = ''; // Backwards compatibility $objTemplate->formId = $strFormId; $objTemplate->hasError = $doNotSubmit; // Do not index or cache the page with the confirmation message if ($_SESSION['TL_COMMENT_ADDED']) { global $objPage; $objPage->noSearch = 1; $objPage->cache = 0; $objTemplate->confirm = $GLOBALS['TL_LANG']['MSC']['com_confirm']; $_SESSION['TL_COMMENT_ADDED'] = false; } // Add the comment if (!$doNotSubmit && \Input::post('FORM_SUBMIT') == $strFormId) { $strWebsite = $arrWidgets['website']->value; // Add http:// to the website if ($strWebsite != '' && !preg_match('@^(https?://|ftp://|mailto:|#)@i', $strWebsite)) { $strWebsite = 'http://' . $strWebsite; } // Do not parse any tags in the comment $strComment = htmlspecialchars(trim($arrWidgets['comment']->value)); $strComment = str_replace(array('&', '<', '>'), array('[&]', '[lt]', '[gt]'), $strComment); // Remove multiple line feeds $strComment = preg_replace('@\\n\\n+@', "\n\n", $strComment); // Parse BBCode if ($objConfig->bbcode) { $strComment = $this->parseBbCode($strComment); } // Prevent cross-site request forgeries $strComment = preg_replace('/(href|src|on[a-z]+)="[^"]*(contao\\/main\\.php|typolight\\/main\\.php|javascript|vbscri?pt|script|alert|document|cookie|window)[^"]*"+/i', '$1="#"', $strComment); $time = time(); // Prepare the record $arrSet = array('source' => $strSource, 'parent' => $intParent, 'tstamp' => $time, 'name' => $arrWidgets['name']->value, 'email' => $arrWidgets['email']->value, 'website' => $strWebsite, 'comment' => $this->convertLineFeeds($strComment), 'ip' => $this->anonymizeIp(\Environment::get('ip')), 'date' => $time, 'published' => $objConfig->moderate ? '' : 1); $objComment = new \CommentsModel(); $objComment->setRow($arrSet); $objComment->save(); $insertId = $objComment->id; // HOOK: add custom logic if (isset($GLOBALS['TL_HOOKS']['addComment']) && is_array($GLOBALS['TL_HOOKS']['addComment'])) { foreach ($GLOBALS['TL_HOOKS']['addComment'] as $callback) { $this->import($callback[0]); $this->{$callback}[0]->{$callback}[1]($insertId, $arrSet, $this); } } // Notification $objEmail = new \Email(); $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_subject'], \Environment::get('host')); // Convert the comment to plain text $strComment = strip_tags($strComment); $strComment = \String::decodeEntities($strComment); $strComment = str_replace(array('[&]', '[lt]', '[gt]'), array('&', '<', '>'), $strComment); // Add comment details $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['com_message'], $arrSet['name'] . ' (' . $arrSet['email'] . ')', $strComment, \Environment::get('base') . \Environment::get('request'), \Environment::get('base') . 'contao/main.php?do=comments&act=edit&id=' . $insertId); // Do not send notifications twice if (is_array($arrNotifies)) { $arrNotifies = array_unique($arrNotifies); } $objEmail->sendTo($arrNotifies); // Pending for approval if ($objConfig->moderate) { $_SESSION['TL_COMMENT_ADDED'] = true; } $this->reload(); } }